(node, attrNormalizedName)
| 10432 | |
| 10433 | |
| 10434 | function getTrustedContext(node, attrNormalizedName) { |
| 10435 | if (attrNormalizedName === 'srcdoc') { |
| 10436 | return $sce.HTML; |
| 10437 | } |
| 10438 | var tag = nodeName_(node); |
| 10439 | // All tags with src attributes require a RESOURCE_URL value, except for |
| 10440 | // img and various html5 media tags. |
| 10441 | if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') { |
| 10442 | if (['img', 'video', 'audio', 'source', 'track'].indexOf(tag) === -1) { |
| 10443 | return $sce.RESOURCE_URL; |
| 10444 | } |
| 10445 | // maction[xlink:href] can source SVG. It's not limited to <maction>. |
| 10446 | } else if (attrNormalizedName === 'xlinkHref' || |
| 10447 | (tag === 'form' && attrNormalizedName === 'action') || |
| 10448 | // links can be stylesheets or imports, which can run script in the current origin |
| 10449 | (tag === 'link' && attrNormalizedName === 'href') |
| 10450 | ) { |
| 10451 | return $sce.RESOURCE_URL; |
| 10452 | } |
| 10453 | } |
| 10454 | |
| 10455 | |
| 10456 | function addAttrInterpolateDirective(node, directives, value, name, isNgAttr) { |
no test coverage detected